General Data Protection Regulation

From SI410
Revision as of 15:58, 15 March 2019 by Ehuez


The General Data Protection Regulation, or GDPR, is a reform of data protection policy, created by the European Union (EU) in May 2018. This set of policies applies to all companies that operate in the EU and process the data of individuals living in the EU, whether the companies are based in the EU or not. Personal data is defined as something that identifies a person. This includes, but is not limited to, name, address, IP address, and browsing history. The main aim of the GDPR is to “harmonise” data protection in Europe as well as protect individuals’ data privacy. The regulation took four years of preparation. Companies were given from May 2016 to May 25, 2018 to implement the new regulation, and companies that failed to comply could face immense fines.

The GDPR has 99 articles that work to 1) protect individuals’ data in the EU, giving them control over their own personal data and 2) hold organizations accountable by mandating evidence and justification for why they are using that data.

The GDPR has a significant effect not only on countries in the EU, but also on all other countries that manage and hold data of EU citizens.

History of Data Protection in the EU

The GDPR was preceded by the Data Protection Directive, which was adopted in 1995. The directive addresses personal data in a broad sense, since it does not specify that personal data has to be automated in order to be regulated. The three main principles allowing data to be processed are the following: transparency, legitimate purpose, and proportionality.

Premise

Data Controller

A company that collects data from residents of the EU.

Data Processor

A company that processes data for data controllers, such as a cloud service provider.

Structure

The GDPR's 99 articles are grouped into 11 chapters, and the regulation also has 171 recitals. The 11 chapters are as follows:

I – General provisions
II – Principles
III – Rights of the data subject
IV – Controller and processor
V – Transfers of personal data to third countries or international organisations
VI – Independent supervisory authorities
VII – Cooperation and consistency
VIII – Remedies, liability and penalties
IX – Provisions relating to specific processing situations
X – Delegated acts and implementing acts
XI – Final provisions

Content

Right to Access